The present invention pertains to a method and system for electronically ascertaining whether a person attempting some action, e.g., someone attempting to process a credit card transaction or to log on to a server, is in fact a person authorized to perform such action.
Systems for verifying personal identity through use of an IC card (smart card) in the possession of such person are known in the art. Furthermore, systems for verifying personal identity through use of an ID (e.g., telephone number) of a mobile telephone in the possession of such person are known in the art. However, such systems do not ascertain the identity of the person in question; they ascertain only that the equipment serving as a tool for that purpose was used, and treat that fact as a substitute for verification of personal identity. A third party using such equipment and pretending to be the person in question might easily outwit such a system.
Also known in the art are systems for verifying personal identity whereby a user ID-password set unique to a person is input into the system by the person in question, and authentication is carried out using that user ID-password set. However, by intercepting communication between that person and the system, a third party might gain access to the user ID-password set and might make illicit use of same.
To improve reliability of authentication, systems for verifying personal identity making use of temporary or one-time IDs good for only a single use are known in the art. The systems described at Japanese Patent Application Publication Kokai No. H12-10927 (2000), Japanese Patent Application Publication Kokai No. H13-175599 (2001), Japanese Patent Application Publication Kokai No. H14-7355 (2002) and the like may be cited as examples. However, in all of these systems, for a one-time ID to be issued, a set comprising an ID of a mobile telephone or a user ID and a password must be input into the system, just as was the case with the other conventional systems described above. This being the case, here again a third party might use the mobile telephone and pretend to be the person in question, or might intercept communication to gain access to the user ID-password set. Either way, the third party could acquire a one-time ID in the same fashion as the person in question and might then use it for some illicit purpose.
Moreover, as more reliable systems for verifying personal identity, arrangements making use of biometric equipment are known and have recently even become something of a fad. However, the fact that expensive biometric equipment must be purchased makes this an unattractive option for use in verifying personal identity for the everyday sorts of actions performed by large numbers of people, such as those involving processing of credit transactions or logging on to a system.